The first thing you need is a firewall policy with an ssl-ssh inspection profile. The profile needs to be applied to the firewall policy.
This policy #8 has an AV profile and uses the default AV profile that comes with every FTNT NGFW appliance.
NOTE: The ssl-ssh profile "NEWSSH" was crafted for my HTTPS deep inspection.
Now with these two combined, we have AV inspection and SSH/TLS inspection. The FortiGate will intercept the web client's browser session and inject itself as the issuer string in the CA chain, and on the back end inspect the HTTP traffic.
And a typical AntiVirus UTM log will be generated.
Yes, it's that simple to enable AV protection for web browsers. For regular HTTP (non-secure) the same principle applies without the need for an SSH/TLS inspection profile, with the service enabled for HTTP.
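The two pieces described above, written out as FortiOS CLI. This is an added example, not the author's configuration: it assumes policy 8 already exists with its interfaces, addresses, service and action, and the exact keywords can differ between FortiOS releases.

```fortios
# Added example (not the author's configuration). FortiOS CLI; keywords
# can differ between releases, so compare against your own build.

# 1. SSL/SSH inspection profile. For the AV engine to see HTTPS payloads
#    the https status must be deep-inspection; certificate-inspection
#    only looks at the handshake, so files inside HTTPS are not scanned.
config firewall ssl-ssh-profile
    edit "NEWSSH"
        config https
            set ports 443
            set status deep-inspection
        end
    next
end

# 2. Attach the AV and SSL/SSH profiles to the existing policy 8.
#    Assumption: policy 8 already has its interfaces, addresses,
#    service and action defined.
config firewall policy
    edit 8
        set utm-status enable
        set av-profile "default"
        set ssl-ssh-profile "NEWSSH"
    next
end
```

Clients must trust the CA certificate the FortiGate signs with, otherwise browsers show a certificate warning on every intercepted HTTPS site.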
NSE (Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \